frankabhinav Super Contributor.

Managing Datastore

I want to store the enterprise credential vault objects and I am trying the following steps in PAM 3.2:

Click Enterprise Credential Vault --> Datastore --> Settings --> LDAP

Added a datastore (my eDirectory is installed on a SUSE Linux server, /opt/novell/edirectory).

Name: edirectory
Host: 192.168.1.XXX
Port: 389
Admin DN: cn=admin,ou=sa,o=system
Password: Admin DN password.
Container DN: o=data
Getting errors:
For 389: confidentiality required
For 636: extend the LDAP schema for credential vault

But I cannot find the doc for extending the LDAP directory schema on a Linux server.

Please help me; it is a new feature for me.

I have found some doc on extending the schema: https://www.netiq.com/documentation/edir88/edir88/data/amijij0.html
Should I follow this doc?
frankabhinav Super Contributor.

Re: Managing Datastore

frankabhinav;2470930 wrote:
I want to store the enterprise credential vault objects and I am trying the following steps in PAM 3.2:

Click Enterprise Credential Vault --> Datastore --> Settings --> LDAP

Added a datastore (my eDirectory is installed on a SUSE Linux server, /opt/novell/edirectory).

Name: edirectory
Host: 192.168.1.XXX
Port: 389
Admin DN: cn=admin,ou=sa,o=system
Password: Admin DN password.
Container DN: o=data
Getting errors:
For 389: confidentiality required
For 636: extend the LDAP schema for credential vault

But I cannot find the doc for extending the LDAP directory schema on a Linux server.

Please help me; it is a new feature for me.

I have found some doc on extending the schema: https://www.netiq.com/documentation/edir88/edir88/data/amijij0.html
Should I follow this doc?

Inside I get the following errors:
Error, PAM LDAP TestCredentialVault OU=TestCredentialVault,o=data could not be created - LDAP err code = 65
Warning, LDAP bind failed, error 13 (Confidentiality required)
Thu Nov 30 13:14:48 2017, 31, 1126098688, 2340, Error, LDAP authentication failed - 13
Thu Nov 30 13:14:48 2017, 31, 1126098688, 2340, Error, Test Connection Failed with Error : 182513
Micro Focus Expert

Re: Managing Datastore

For LDAP port 389, the "confidentiality required" error is a response from the LDAP server. The LDAP server is not allowing simple binds in clear text, which could potentially be a security issue. The LDAP server could be configured to allow this sort of simple bind, if necessary; however, I recommend using port 636 for secure LDAP binds.

PAM offers the ability to manage the Datastore in a SQLite database or in an external datastore (LDAP). To store in an external datastore such as LDAP, there are prerequisite steps that should be followed. One of these steps is to extend the LDAP schema, which explains the error you are receiving when trying to migrate the datastore to LDAP via port 636.

For complete details, please refer to documentation:
- https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/managedatastore.html
- https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/change_datastore.html
Note: Order matters in Step 4, as it includes extending the LDAP schema prior to migration.

Extending the LDAP schema of the eDirectory server will configure the LDAP server to support PAM objects. For details on how to do this, please refer to docs:
https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/extendingschema.html
Note: This step is referenced in the above documentation sources.
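To make the two failure paths in the reply above concrete, here is an added Python example; it is not part of the thread and not PAM or eDirectory code. It reads PAM log lines like the four posted earlier, extracts the LDAP result codes, and maps each to its RFC 4511 name and to the remediation the reply gives (13 on port 389: the directory refuses a clear-text simple bind, so use LDAPS on 636; 65 on port 636: the PAM schema extension has not been applied). The line-format regular expressions, the `Finding` class and the remediation wording are my own assumptions about the log layout shown, and the entries for codes 32, 49 and 50 are generic LDAP guidance rather than anything the thread states; PAM's own error number 182513 is deliberately left unmapped.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# LDAP result codes as defined in RFC 4511 section 4.1.9 (directory-server codes,
# not PAM's own error numbers such as 182513).
LDAP_RESULT_CODES = {
    13: "confidentialityRequired",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    65: "objectClassViolation",
}

# Remediation for each code in the datastore-migration context described in the
# reply above. Entries for 32/49/50 are generic LDAP guidance (assumption), not
# something the thread states.
REMEDIATION = {
    13: "Directory refuses a clear-text simple bind: use LDAPS on port 636 instead of 389.",
    65: "Object class unknown to the directory: extend the eDirectory schema for PAM "
        "before migrating the datastore.",
    32: "Container DN does not exist in the directory: check the Container DN.",
    49: "Bind rejected: check the Admin DN and its password.",
    50: "Admin DN lacks rights on the container: grant rights or use another admin DN.",
}

# Assumed line layout: optional "timestamp, n, n, n, " prefix, then "Level, message".
LINE_RE = re.compile(
    r"^(?:(?P<ts>.*?\d{4}), \d+, \d+, \d+, )?(?P<level>\w+), (?P<msg>.*)$"
)
# Only a number that follows an LDAP-related message is treated as an LDAP result code.
LDAP_CODE_RE = re.compile(r"LDAP.*?(?:err code = |error |failed - )(\d+)\b")


@dataclass
class Finding:
    timestamp: Optional[str]
    level: str
    message: str
    code: int
    name: str
    action: str


def triage(log_text: str) -> List[Finding]:
    """Extract LDAP result codes from PAM log lines and attach their meaning."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        code_match = LDAP_CODE_RE.search(m.group("msg"))
        if not code_match:
            continue  # not an LDAP result code (e.g. PAM's own 182513)
        code = int(code_match.group(1))
        findings.append(Finding(
            timestamp=m.group("ts"),
            level=m.group("level"),
            message=m.group("msg"),
            code=code,
            name=LDAP_RESULT_CODES.get(code, "unknown"),
            action=REMEDIATION.get(code, "Look up the code in RFC 4511 and the eDirectory LDAP trace."),
        ))
    return findings


def next_steps(findings: List[Finding]) -> List[str]:
    """Distinct remediation actions, in the order the errors first appeared."""
    seen, steps = set(), []
    for f in findings:
        if f.code not in seen:
            seen.add(f.code)
            steps.append(f"LDAP {f.code} ({f.name}): {f.action}")
    return steps


# Sample input: the four log lines posted in the thread (first two have no timestamp prefix).
SAMPLE_LOG = """\
Error, PAM LDAP TestCredentialVault OU=TestCredentialVault,o=data could not be created - LDAP err code = 65
Warning, LDAP bind failed, error 13 (Confidentiality required)
Thu Nov 30 13:14:48 2017, 31, 1126098688, 2340, Error, LDAP authentication failed - 13
Thu Nov 30 13:14:48 2017, 31, 1126098688, 2340, Error, Test Connection Failed with Error : 182513
"""

if __name__ == "__main__":
    for step in next_steps(triage(SAMPLE_LOG)):
        print(step)
```

Run against the posted excerpt it reports two distinct actions, schema extension first (the code 65 line comes first in the log) and the move to port 636 second, which is the same order the reply prescribes: extend the schema, then migrate over 636.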